![]() |
|
Log-Analyse und Auswertung: "Verseuchter" Computer ...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() "Verseuchter" Computer ... Logfile of HijackThis v1.98.2 Scan saved at 23:28:54, on 16.11.04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.50 (5.50.4134.0600) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE C:\PROGRAMME\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WTOOLSA.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\PROGRAMME\TOOLBAR\TBPS.EXE C:\PROGRAMME\TOOLBAR\PIB.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAMME\GEMEINSAME DATEIEN\WINTOOLS\WSUP.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\ATICWD32.EXE C:\WINDOWS\SYSTEM\ATITASK.EXE C:\PROGRAMME\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAMME\MICROSOFT HARDWARE\MOUSE\POINT32.EXE C:\PROGRAMME\NORTON ANTIVIRUS\POPROXY.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE C:\WINDOWS\SYSTEM\CGTASK.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\180AX.EXE C:\PROGRAMME\CASHBACK\BIN\CASHBACK.EXE C:\PROGRAMME\BULLSEYE NETWORK\BIN\BARGAINS.EXE C:\PROGRAMME\INTEL\INTEL PSNCU\CPUNUMBER.EXE C:\PROGRAMME\ICQ\NDETECT.EXE C:\PROGRAMME\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAMME\GEMEINSAME DATEIEN\GMT\GMT.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\WINS32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAMME\MICROSOFT OFFICE\OFFICE\OSA9.EXE C:\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.a1.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50162 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von A1.net O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\Programme\Toolbar\toolbar.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSB.DLL O2 - BHO: (no name) - {14954F05-380D-11D9-83FE-9D533CB8B203} - C:\WINDOWS\SYSTEM\GLO.DLL O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\PROGRAMME\IEMENUEXTENSION\TBEXTN.DLL O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\Programme\Toolbar\toolbar.dll O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [IrMon] IrMon.exe O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [POINTER] C:\Programme\Microsoft Hardware\Mouse\point32.exe O4 - HKLM\..\Run: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\Norton AntiVirus\POPROXY.EXE O4 - HKLM\..\Run: [CMESys] "C:\PROGRAMME\GEMEINSAME DATEIEN\CMEII\CMESYS.EXE" O4 - HKLM\..\Run: [Cgtask Services] C:\WINDOWS\SYSTEM\cgtask.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\ie.reg O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [180ax] c:\windows\180ax.exe O4 - HKLM\..\Run: [fibql] C:\WINDOWS\fibql.exe O4 - HKLM\..\Run: [CashBack] C:\Programme\CashBack\bin\cashback.exe O4 - HKLM\..\Run: [BullsEye Network] C:\Programme\BullsEye Network\bin\bargains.exe O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB O4 - HKLM\..\Run: [TBPS] C:\Programme\Toolbar\TBPS.exe O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [NPROTECT] C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programme\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks" O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE O4 - HKLM\..\RunServicesOnce: [TBPS] C:\Programme\Toolbar\TBPS.exe /boot O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\GEMEIN~1\WINTOOLS\WTOOLSA.EXE /boot O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Programme\Intel\Intel PSNCU\CPUNumber.exe" /nosplash O4 - HKCU\..\Run: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe O4 - HKCU\..\Run: [MsnMsgr] "c:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunServices: [IntelProcNumUtility] "C:\Programme\Intel\Intel PSNCU\CPUNumber.exe" /nosplash O4 - HKCU\..\RunServices: [Mirabilis ICQ] C:\Programme\ICQ\NDetect.exe O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Programme\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\RunOnce: [win32] c:\program files\wins32.exe O4 - HKCU\..\RunServicesOnce: [win32] c:\program files\wins32.exe O4 - Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O14 - IERESET.INF: START_PAGE_URL=http://www.a1.net/ O16 - DPF: {2FF18E10-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.0) - http://www.zdf.msnbc.de/tools/NewsBrowser/nm0713.cab O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/1755c5764b3e5a5...dxIE601_de.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//colin/main.chm::/load.exe O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.c...ll/Xscan53.cab O16 - DPF: {11111111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\4XQJ4XYB\explorer2[1].cab O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/.../Installer.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\Programme\Toolbar\toolbar.dll O18 - Filter: text/html - {7E7A40E0-14CE-11D9-83FE-005015D30AEE} - C:\WINDOWS\SYSTEM\GLO.DLL O18 - Filter: text/plain - {7E7A40E0-14CE-11D9-83FE-005015D30AEE} - C:\WINDOWS\SYSTEM\GLO.DLL Geändert von BusterKe (16.11.2004 um 23:34 Uhr) |
Themen zu "Verseuchter" Computer ... |
.inf, antivirus, bho, computer, content.ie5, cpu, dateien, email, explorer, hijack, hijackthis, icq, internet, internet explorer, logfile, messenger, microsoft, msn, msn messenger, programme, registry, rundll, software, symantec, system, windows |